Doh!
!TLSv1.3 added to "main.conf" fixed the issue hopefully.
Will work on updating certificate later...
On 6/22/19, 8:10 AM, "owner-postfix-us...@postfix.org on behalf of Security
Admin (NetSec)" <owner-postfix-us...@postfix.org on behalf of
secad...@netsecdesign.com> wrote:
I figured TLS 1.3 might be the culprit from the logs. The OpenSSL version
shows "OpenSSL 1.1.1 11 Sep 2018" and it was updated recently via Ubuntu.
How might I go about not negotiating TLS 1.3, as it is obvious I need to
update some certificates (which I will worry about later).
Edward Ray
On 6/21/19, 10:36 PM, "owner-postfix-us...@postfix.org on behalf of Viktor
Dukhovni" <owner-postfix-us...@postfix.org on behalf of
postfix-us...@dukhovni.org> wrote:
On Sat, Jun 22, 2019 at 04:09:45AM +0000, Security Admin (NetSec) wrote:
> Within the last week or so I am suddenly unable to send or receive
from
> Google Gmail. Any help with this issue would be appreciated.
What version of OpenSSL is installed on your system? Was it upgraded
recently? You are now negotiating TLSv1.3, was that the case
previously?
> Receive Error from mail.log:
>
> Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_accept:TLSv1.3 write
server certificate verify
> Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL_accept:SSLv3/TLS
write finished
Your SMTP server has just sent its certificate chain, and signature
over the handshake transcript (so far).
> Jun 21 20:59:26 portus postfix/smtpd[3726]: SSL3 alert
read:fatal:illegal parameter
The SMTP client responds with an "illegal parameter" alert. As yet,
unclear why.
> Send Error from mail.log:
>
> Jun 21 21:05:47 portus postfix/smtpd[3726]: SSL_accept:SSLv3/TLS
write certificate
> Jun 21 21:05:47 portus postfix/smtpd[3726]: SSL_accept:TLSv1.3 write
server certificate verify
Sadly this too is a receive log.
--
Viktor.
